CVE-2026-21677

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

12 Jan 2026, 20:40

Type Values Removed Values Added
References () https://github.com/InternationalColorConsortium/iccDEV/commit/201125fbda22c8e4ea95800a6b427093fa4b8a22 - () https://github.com/InternationalColorConsortium/iccDEV/commit/201125fbda22c8e4ea95800a6b427093fa4b8a22 - Patch
References () https://github.com/InternationalColorConsortium/iccDEV/issues/181 - () https://github.com/InternationalColorConsortium/iccDEV/issues/181 - Issue Tracking, Exploit, Vendor Advisory
References () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-95w5-jvqf-3994 - () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-95w5-jvqf-3994 - Patch, Vendor Advisory
First Time Color
Color iccdev
CPE cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

06 Jan 2026, 19:16

Type Values Removed Values Added
References () https://github.com/InternationalColorConsortium/iccDEV/issues/181 - () https://github.com/InternationalColorConsortium/iccDEV/issues/181 -

06 Jan 2026, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-06 04:15

Updated : 2026-01-12 20:40


NVD link : CVE-2026-21677

Mitre link : CVE-2026-21677

CVE.ORG link : CVE-2026-21677


JSON object : View

Products Affected

color

  • iccdev
CWE
CWE-20

Improper Input Validation

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior